Extensible Messaging and Presence Protocol
Xintong Zhou
Department of Computer Science
Presentation for COMS W4995 VoIP Security Course
Advisor: Prof. Schulzrinne
Outline
• Overview
• Basic Concepts
• XMPP for IM and Presence
• XMPP for VoIP
• Discussion
• Summary
10/15/2008
Overview
• eXtensible Messaging and Presence Protocol
• An open XML protocol for near-real-time messaging, presence, and request-response services
• History
  • Developed by the Jabber open-source community, 1999
  • Formalized by the IETF, 2002-2004
  • Continuously extended by the XMPP Standards Foundation
Overview – Network Architecture
• Decentralized server architecture
Overview – Protocol Organization
• Core protocols
  • XMPP Core (RFC 3920): Client, Server, XML Stream, XML Stanza, Resource Binding, TLS, SASL
  • XMPP IM (RFC 3921): Instant Messaging, Presence
  • Others, including XMPP CPIM (RFC 3922): mapping XMPP to the IETF’s CPIM specification
• Extensions
  • Jingle (XEP-0166)
  • Jingle RTP Sessions (XEP-0167)
  • Others, including Jabber-RPC (XEP-0009), Privacy Lists (XEP-0016), Multi-User Chat (XEP-0045), Jingle File Transfer (XEP-0234)
Basic Concept – JID
• Jabber Identifier (JID)
  • Bare JID: [ entity “@” ] domain
  • Full JID: entity “@” domain “/” resource
  • The resource identifier enables multiple connected clients for one account
• Which resource to choose when messaging someone or some entity?
  • Who determines it? Server or client
  • How is it determined? Strategy
  • Difference: IM vs. VoIP
Basic Concept
• XML Stream
  • The body of an XMPP session
  • Container for the exchange of XML elements
• XML Stanza
  • Semantic unit of structured information
  • Message: push information
  • Presence: publish-subscribe
  • IQ (Info/Query): request-response
-- All XML examples are from RFC 3920, RFC 3921, XEP-0166 or XEP-0167.
XMPP for IM and Presence
• Steps leading to message exchange
  1. TLS negotiation
  2. SASL negotiation
  3. Resource binding
  4. Session establishment
  5. Initial presence
  6. Message & presence exchange
• Steps 1–3: defined in XMPP Core
• Steps 4–6: defined in XMPP IM
Steps – TLS and SASL
• Transport Layer Security (TLS)
  • Provides server authentication and communication privacy using cryptography
  • Sets up an encrypted channel for further communication
• Simple Authentication and Security Layer (SASL)
  • Provides client authentication
  • Sets up an authenticated channel for further communication
Steps – Resource Binding
• Bind a specific resource to the current stream
  • Results in a full JID
  • Uses an IQ stanza
• Client request
  • Client asks the server to bind a resource: send an IQ with an empty bind element to request a resource
  • Client specifies the resource: send an IQ including the resource string
• Server response
  • IQ including the full JID
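The resource-binding exchange above, as an added example that is not part of the original slides (the deck's own XML samples did not survive extraction). Both sides are simulated in-process with the standard library: the client builds the bind IQ with or without a proposed resource, the server answers with the full JID, and the client checks the reply's id before trusting it. The namespace string is the one RFC 3920 defines; `generate_resource` and the id values are assumptions for the example.

```python
import xml.etree.ElementTree as ET

# Resource-binding namespace defined in RFC 3920, section 7.
BIND_NS = "urn:ietf:params:xml:ns:xmpp-bind"


def build_bind_request(iq_id, resource=None):
    """Client side: an IQ 'set' asking the server to bind a resource.

    With resource=None the <bind/> element is left empty, which tells the
    server to generate the resource identifier itself.
    """
    iq = ET.Element("iq", {"type": "set", "id": iq_id})
    bind = ET.SubElement(iq, "bind", {"xmlns": BIND_NS})
    if resource is not None:
        ET.SubElement(bind, "resource").text = resource
    return ET.tostring(iq, encoding="unicode")


def handle_bind_request(xml_text, bare_jid, generate_resource):
    """Server side: answer a bind request with the resulting full JID.

    bare_jid is the identity the server already established during SASL;
    the client never gets to choose it here. generate_resource is a
    hypothetical callable used when the client proposed no resource.
    """
    iq = ET.fromstring(xml_text)
    bind = iq.find(f"{{{BIND_NS}}}bind")
    if iq.get("type") != "set" or bind is None:
        raise ValueError("not a resource-binding request")
    res_el = bind.find(f"{{{BIND_NS}}}resource")
    if res_el is not None and res_el.text:
        resource = res_el.text
    else:
        resource = generate_resource()
    reply = ET.Element("iq", {"type": "result", "id": iq.get("id")})
    reply_bind = ET.SubElement(reply, "bind", {"xmlns": BIND_NS})
    ET.SubElement(reply_bind, "jid").text = f"{bare_jid}/{resource}"
    return ET.tostring(reply, encoding="unicode")


def parse_bind_result(xml_text, expected_id):
    """Client side: extract the full JID from the server's reply.

    The reply's id must match the request id, so a stray or replayed IQ
    cannot be mistaken for the answer to this request.
    """
    iq = ET.fromstring(xml_text)
    if iq.get("id") != expected_id:
        raise ValueError("IQ id does not match the bind request")
    if iq.get("type") != "result":
        raise ValueError("server rejected the bind request")
    jid_el = iq.find(f"{{{BIND_NS}}}bind/{{{BIND_NS}}}jid")
    if jid_el is None or not jid_el.text or "/" not in jid_el.text:
        raise ValueError("reply carries no full JID")
    return jid_el.text


def bind_exchange(bare_jid, resource=None, iq_id="bind_1"):
    """Run the whole exchange in-process (no network, both sides simulated)."""
    request = build_bind_request(iq_id, resource)
    response = handle_bind_request(request, bare_jid, lambda: "srv-generated")
    return parse_bind_result(response, iq_id)


if __name__ == "__main__":
    print(bind_exchange("somenode@example.com", "someresource"))
    print(bind_exchange("somenode@example.com"))
```

The server-side handler deliberately ignores anything in the request except the proposed resource string: the node and domain of the resulting JID come from the authenticated session, not from the client's XML.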
Steps – Session Establishment
• Session on the server for the expected instant messaging and presence activities
• May be required by the server
Steps – Initial Presence
• Get contacts’ presence
Steps – Initial Presence (Cont.)
• Subscribers get initial presence
Steps – Messaging
• Use the Message stanza to send out messages
  • Directed to a client: use the full JID when replying to a message, to preserve the context
  • Directed to a person/entity: use the bare JID for messages outside the current context
XMPP for VoIP – Jingle
• XMPP protocol extension for initiating and managing peer-to-peer media sessions between two XMPP entities
• Designed to be simple
• Designed to interwork with SIP (and SDP)
• Commands
• Parameters
XMPP for VoIP – Jingle (Cont.)
• Takes advantage of the IQ stanza
• Three concepts: session, content, transport
XMPP for VoIP – Jingle RTP Sessions
• Defines a Jingle application type
  • Negotiation and management over XMPP
  • Voice and video over RTP
• Shares a similar process with SIP
• Protocol status: Experimental
• Last updated: 2008-09-25
Jingle RTP vs. SIP RTP
Discussion – Security
• Confidentiality
  • Transport Layer Security (TLS)
• Authentication
  • Simple Authentication and Security Layer (SASL)
• Privacy
  • Roster – subscription
    • Basic states: none, to (user <- contact), from (user -> contact), both
  • Privacy List – blocking communication
    • Based on messages, inbound/outbound presence, info/query, JID
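The privacy-list mechanism on this slide, as an added example that is not part of the original deck and not code from any XMPP server. It implements the evaluation rules of XEP-0016 (referenced on the protocol-organization slide): items are checked in ascending `order`, an item may be restricted to some stanza classes (message, inbound presence, outbound presence, IQ), the first match decides, and with no match the default is allow. The JID matching precedence (full JID, bare JID, domain/resource, domain) follows that XEP; the sample list, the contact names and the roster state are constructed for the example.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Stanza classes a privacy-list item can restrict (XEP-0016 child elements
# <message/>, <presence-in/>, <presence-out/>, <iq/>); an item with no such
# child applies to all four.
ALL_KINDS = frozenset({"message", "presence-in", "presence-out", "iq"})


@dataclass(frozen=True)
class PrivacyItem:
    action: str                  # "allow" or "deny"
    order: int                   # items are evaluated in ascending order
    type: Optional[str] = None   # "jid", "group", "subscription" or None (matches everyone)
    value: Optional[str] = None
    kinds: FrozenSet[str] = ALL_KINDS


def _split_jid(text):
    """Minimal JID split into (node, domain, resource); None for absent parts."""
    head, _, resource = text.partition("/")
    node, at, domain = head.partition("@")
    if not at:
        node, domain = None, head
    return node, domain, (resource or None)


def jid_matches(pattern, candidate):
    """JID matching of XEP-0016 section 2.1: user@domain/resource matches only
    that full JID; user@domain matches every resource of that user;
    domain/resource matches only that JID; a bare domain matches the domain
    itself and everything at it."""
    pn, pd, pr = _split_jid(pattern)
    cn, cd, cr = _split_jid(candidate)
    if pd != cd:
        return False
    if pn is not None and pn != cn:
        return False
    if pn is None and pr is not None and cn is not None:
        return False  # "domain/resource" does not cover "user@domain/resource"
    if pr is not None and pr != cr:
        return False
    return True


def privacy_decision(items, kind, other_jid, subscription="none", groups=()):
    """Return "allow" or "deny" for one stanza.

    kind is one of ALL_KINDS; other_jid is the remote party; subscription and
    groups describe the user's roster entry for that party, which the
    "subscription" and "group" item types consult.
    """
    for item in sorted(items, key=lambda i: i.order):
        if kind not in item.kinds:
            continue
        if item.type is None:
            matched = True
        elif item.type == "jid":
            matched = jid_matches(item.value, other_jid)
        elif item.type == "group":
            matched = item.value in groups
        elif item.type == "subscription":
            matched = item.value == subscription
        else:
            raise ValueError(f"unknown privacy item type {item.type!r}")
        if matched:
            return item.action
    return "allow"  # XEP-0016 default when nothing matches


# Constructed sample list: drop messages from one contact, hide inbound
# presence from anyone without a subscription, allow everything else.
SAMPLE_LIST = [
    PrivacyItem("deny", 1, "jid", "tybalt@example.com", frozenset({"message"})),
    PrivacyItem("deny", 2, "subscription", "none", frozenset({"presence-in"})),
    PrivacyItem("allow", 3),
]

if __name__ == "__main__":
    print(privacy_decision(SAMPLE_LIST, "message", "tybalt@example.com/phone", "both"))
    print(privacy_decision(SAMPLE_LIST, "presence-in", "stranger@example.org"))
```

Note that the list only filters what the server forwards; it gives the user no cryptographic guarantee, which is why the slide lists it under privacy rather than under confidentiality or authentication.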
Discussion – Which client to talk with
• Resource selection is related to the server's routing rules
  • Detailed rules are defined in Section 11.1 of XMPP IM (RFC 3921)
• When a bare JID <user@domain> is contained in the ‘to’ attribute of an inbound stanza:
  • For a Message stanza (IM)
    • Server SHOULD deliver the stanza to the highest-priority available resource
    • Server can determine the resource
  • For an IQ stanza (VoIP)
    • Server MUST NOT deliver the stanza to any of the available resources
    • Client determines the resource, so it must first determine which resource supports the function
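The JID syntax from the earlier "Basic Concept – JID" slide and the routing rules on this slide, worked through as one added example (not part of the original deck, and not any server's real routing code). `parse_jid` splits a JID at the first "/" and, before that, at "@", as RFC 3920 section 3 defines; `route` applies the RFC 3921 section 11.1 behaviour the slide summarises: messages to a bare JID go to the highest-priority available resource (a resource with negative priority opts out, a missing priority counts as 0), IQs to a bare JID are never handed to a client, and a stanza to a full JID reaches exactly that resource. The session table, resource names and the action strings returned are assumptions for the example.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class JID:
    node: Optional[str]      # the "entity" before "@"; absent for a server JID
    domain: str
    resource: Optional[str]  # absent for a bare JID

    @property
    def bare(self) -> str:
        return f"{self.node}@{self.domain}" if self.node else self.domain


def parse_jid(text: str) -> JID:
    """Split a JID per RFC 3920 section 3.

    The first "/" ends the domainpart; everything after it is the resource,
    which may itself contain "@" or "/". An "@" is a separator only when it
    appears before that first "/" (the node itself may not contain "@").
    """
    head, slash, resource = text.partition("/")
    node, at, domain = head.partition("@")
    if not at:
        node, domain = None, head
    if not domain or (at and not node) or (slash and not resource):
        raise ValueError(f"malformed JID: {text!r}")
    return JID(node, domain, resource if slash else None)


@dataclass
class Session:
    resource: str
    priority: int = 0  # from the last <presence/>; a missing <priority/> counts as 0


def route(sessions: Dict[str, Session], to: str, kind: str) -> Tuple[str, Optional[object]]:
    """Decide what a server does with an inbound stanza for one local user.

    sessions maps resource name -> Session for the user's connected clients
    (insertion order = connection order). kind is "message", "presence" or
    "iq". Returns an (action, detail) pair.
    """
    jid = parse_jid(to)
    if jid.resource is not None:
        if jid.resource in sessions:
            return ("deliver", jid.resource)          # exact resource is online
        if kind == "iq":
            return ("error", "service-unavailable")   # IQ to an absent resource fails
        # message/presence to an absent resource: fall through, treat as bare JID
    if kind == "iq":
        # Never delivered to a client: the server itself answers the IQ.
        # A VoIP caller therefore has to learn which resource supports the
        # feature and address that full JID.
        return ("server-handles", None)
    if kind == "presence":
        # Presence addressed to the bare JID goes to every available resource.
        return ("broadcast", tuple(sessions))
    # message: highest non-negative priority wins; ties go to the earliest
    # connected resource here (max keeps the first maximum), a choice RFC 3921
    # leaves to the server.
    candidates = [s for s in sessions.values() if s.priority >= 0]
    if not candidates:
        return ("store-offline", None)
    best = max(candidates, key=lambda s: s.priority)
    return ("deliver", best.resource)


if __name__ == "__main__":
    # Constructed session table for one user with three connected clients.
    alice = {"desk": Session("desk", 10), "phone": Session("phone", 5), "idle": Session("idle", -1)}
    print(route(alice, "alice@example.com", "message"))      # ('deliver', 'desk')
    print(route(alice, "alice@example.com", "iq"))           # ('server-handles', None)
    print(route(alice, "alice@example.com/phone", "iq"))     # ('deliver', 'phone')
```

The practical consequence for the IM-versus-VoIP question on the JID slide: an IM client can leave resource selection to the server, while a Jingle caller must pick the resource itself, because an IQ-based session-initiate addressed to a bare JID stops at the server.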
Summary
• XMPP is an open XML protocol mainly for IM and presence, but it is extensible.
• There is a set of core protocols and many extensions, covering IM, presence, VoIP, etc.
• The XML stanza is the semantic building block of XMPP.
• Message exchange uses a decentralized server architecture.
• XMPP uses TLS to provide confidentiality, SASL to provide client authentication, and the roster and privacy lists to provide privacy.
References
• RFC 3920: Extensible Messaging and Presence Protocol (XMPP): Core
• RFC 3921: Extensible Messaging and Presence Protocol (XMPP): Instant Messaging and Presence
• XEP-0166: Jingle
• XEP-0167: Jingle RTP Sessions
• RFC 3261: SIP: Session Initiation Protocol
• Extensible Messaging and Presence Protocol, http://en.wikipedia.org/wiki/Jabber
• Transport Layer Security, http://en.wikipedia.org/wiki/Secure_Sockets_Layer
• Simple Authentication and Security Layer, http://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer
• Digest access authentication, http://en.wikipedia.org/wiki/Digest_access_authentication